Описание
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability occurs when processing an image with small dimension using the -wavelet-denoise operator. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
A flaw was found in ImageMagick. A local user could exploit a heap buffer over-read vulnerability by processing a specially crafted image with small dimensions using the -wavelet-denoise operator. This vulnerability may lead to the disclosure of sensitive information.
Отчет
This MODERATE impact vulnerability in ImageMagick affects Red Hat Enterprise Linux. A heap buffer over-read can occur when processing images with small dimensions using the -wavelet-denoise operator. This flaw could lead to information disclosure or denial of service.
Меры по смягчению последствий
To reduce exposure, avoid processing untrusted or maliciously crafted images with ImageMagick. If processing untrusted content is necessary, consider executing ImageMagick operations within a sandboxed environment to contain potential risks.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | ImageMagick | Out of support scope | ||
| Red Hat Enterprise Linux 7 | ImageMagick | Out of support scope |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
EPSS
7.1 High
CVSS3
Связанные уязвимости
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability occurs when processing an image with small dimension using the `-wavelet-denoise` operator. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability occurs when processing an image with small dimension using the `-wavelet-denoise` operator. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
ImageMagick is free and open-source software used for editing and mani ...
ImageMagick: Heap Buffer Over-read in WaveletDenoise when processing small images
Уязвимость консольного графического редактора ImageMagick, связанная с чтением за границами буфера памяти, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
EPSS
7.1 High
CVSS3